Utah Politician Looking To Tackle Doxing, DoS Attacks And Swatting With New Slate Of Cybercrime Amendments

from the as-usual,-bill-has-arrived-in-completely-unfinished-state dept

Three of the Four Horsemen of the Internet Apocalypse (*Revenge Porn not included) are being targeted by Utah legislator David Lifferth with a package of amendments to the state's cybercrime statutes.

Utah Representative David E. Lifferth (R) has filed House Bill 225 which modifies the existing criminal code to include cyber crimes such as doxing, swatting and DoS (denial of service) attacks. According to the amendments, these crimes can now range anywhere from misdemeanors to second-degree felonies.

As is often the case when (relatively) new unpleasantness is greeted with new legislation, the initial move is an awkward attempt to bend the transgressions around existing laws, or vice versa. Lifferth's is no exception. As GamePolitics points out, only one of the new crimes is specifically referred to by its given name: DoS attacks. The other two can only be inferred by the wording, which is unfortunately broad.

Swatting becomes:

[making] a false report to an emergency response service, including a law enforcement dispatcher or a 911 emergency response service, or intentionally aids, abets, or causes a third party to make the false report, and the false report describes an ongoing emergency situation that as reported is causing or poses an imminent threat of causing serious bodily injury, serious physical injury, or death; and states that the emergency situation is occurring at a specified location.

It's the stab at doxing that fares the worst. In its present form, the wording would implicate a great deal of protected speech. This is the wording Lifferth would like to add to the "Electronic communication harassment" section.

electronically publishes, posts, or otherwise makes available personal identifying information in a public online site or forum.

Considering it's tied to "intent to annoy, alarm, intimidate, offend, abuse, threaten, harass, frighten, or disrupt the electronic communications of another," the amended statute could be read as making the publication of personal information by news outlets a criminal activity -- if the person whose information is exposed feels "offended" or "annoyed." Having your criminal activities detailed alongside personally identifiable information would certainly fall under these definitions, which could lead to the censorship (self- or otherwise) of police blotter postings, mugshot publication or identifying parties engaged in civil or criminal court proceedings.

It also would to make "outing" an anonymous commenter/forum member/etc. a criminal act, even if the amount of information exposed never reaches the level of what one would commonly consider to be "doxing." Would simply exposing the name behind the avatar be enough to trigger possible criminal charges?

While it's inevitable that lawmakers will have to tangle with these issues eventually, it's disheartening to see initial efforts being routinely delivered in terrible -- and usually unconstitutional -- shape. We expect our legislators to be better than this. After all, it's their job to craft laws and to do so with some semblance of skill and common sense. If nothing else, we expect them to learn something from previous failures to pass bad laws, whether theirs or someone else's.

Filed Under: cybercrime, david lifferth, dos attacks, doxing, doxxing, swatting, utah